BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
A service-level agreement (SLA) is a contract between a service provider and its customers that documents what services the provider will furnish and defines the service standards the provider is obligated to meet.
A service-level commitment (SLC) is a broader and more generalized form of an SLA. The two differ because an SLA is bidirectional and involves two teams. In contrast, an SLC is a single-directional obligation that establishes what a team can guarantee its customers at any given time.
Why are SLAs important?
Service providers need SLAs to help them manage customer expectations and define the severity levels and circumstances under which they are not liable for outages or performance issues. Customers can also benefit from SLAs because the contract describes the performance characteristics of the service -- which can be compared with other vendors' SLAs -- and sets forth the means for redressing service issues.
The SLA is typically one of two foundational agreements that service providers have with their customers. Many service providers establish a master service agreement to establish the general terms and conditions in which they will work with customers. The SLA is often incorporated by reference in the service provider's master service agreement. Between the two service contracts, the SLA adds greater specificity regarding the services provided and the metrics that will be used to measure their performance.
When IT outsourcing emerged in the late 1980s, SLAs evolved as a mechanism to govern such relationships. Service-level agreements set the expectations for a service provider's performance and established penalties for missing the targets and, in some cases, bonuses for exceeding them. Since outsourcing projects were frequently customized for a particular customer, outsourcing SLAs were often drafted to govern a specific project.
As managed services and cloud computing services become more prevalent, SLAs evolve to address the new approaches. Shared services, rather than customized resources, characterize the newer contracting methods, so service-level commitments are frequently used to produce broad agreements that are intended to cover all of a service provider's customers.
Who needs a service-level agreement?
SLAs are thought to have originated with network service providers but are now widely used in a range of IT-related fields. Some examples of industries that establish SLAs include IT service providers and managed service providers, as well as cloud computing and internet service providers.
Corporate IT organizations, particularly those who have embraced IT service management, enter SLAs with their in-house customers -- users in other departments within the enterprise. An IT department creates an SLA so that its services can be measured, justified and perhaps compared with those of outsourcing vendors.
What is in an SLA?
In broad terms, an SLA will typically include a statement of objectives, a list of the services to be covered by the agreement and a definition of the responsibilities of the service provider and customer under the SLA.
The customer, for example, will be responsible for making a representative available to resolve issues with the service provider in connection with the SLA. The service provider will be responsible for meeting the level of service as defined by the SLA. The service provider's performance is judged according to a set of metrics. Response time and resolution time are among the key metrics included in an SLA, since they relate to how the service provider deals with a service interruption.
Key components of an SLA
Key components of a service-level agreement include:
Agreement overview -- This first section sets forth the basics of the agreement, including the parties involved, the start date and a general introduction of the services provided.
Description of services -- The SLA needs detailed descriptions of every service offered, under all possible circumstances, with the turnaround times included. Service definitions should include how the services are delivered, whether maintenance service is offered, what the hours of operation are, where dependencies exist, an outline of the processes and a list of all technology and applications used.
Exclusions -- Specific services that are not offered should also be clearly defined to avoid confusion and eliminate room for assumptions from other parties.
Service performance -- Performance measurement metrics and performance levels are defined. The client and service provider should agree on a list of all the metrics they will use to measure the service levels of the provider.
Redressing -- Compensation or payment should be defined in the event that a provider cannot properly fulfill their SLA.
Stakeholders -- Clearly defines the parties involved in the agreement and establishes their responsibilities.
Security -- All security measures that will be taken by the service provider are defined. Typically, this includes the drafting and consensus on antipoaching, IT security and nondisclosure agreements.
Risk management and disaster recovery -- Risk management processes and a disaster recovery plan are established and clearly communicated.
Service tracking and reporting -- This section defines the reporting structure, tracking intervals and stakeholders involved in the agreement.
Periodic review and change processes -- The SLA and all established key performance indicators (KPIs) should be regularly reviewed. This process is defined as well as the appropriate process for making changes.
Termination process -- The SLA should define the circumstances under which the agreement can be terminated or will expire. The notice period from either side should also be established.
Signatures -- Finally, all stakeholders and authorized participants from both parties must sign the document to show their approval of every detail and process.
How to validate SLA levels
Verifying the provider's service delivery levels is necessary to the enforcement of a service-level agreement. If the SLA is not being properly fulfilled, then the client may be able to claim the compensation agreed upon in the contract.
Most service providers make their service-level statistics available through an online portal. This allows customers to track whether the proper service level is being maintained. If they find it is not, the portal also allows clients to see if they're eligible for compensation.
These systems and processes are frequently controlled by specialized third-party companies. If this is the case, then it is necessary for the third party to also be included in the SLA negotiations. This will provide them with clarity about the service levels that should be tracked and explanations of how to track them.
Tools that automate the capturing and displaying of service-level performance data are also available.
SLAs and indemnification clauses
An indemnification is a contractual obligation made by one party -- the indemnitor -- to redress the damages, losses and liabilities experienced by another party -- the indemnitee -- or by a third party. Within an SLA, an indemnification clause will require the service provider to acknowledge that the customer is not responsible for any costs incurred through violations of contract warranties. The indemnification clause will also require the service provider to pay the customer for any litigation costs from third parties that resulted from the contract breach.
To limit the scope of indemnifications, a service provider can:
- consultant an attorney;
- limit the number of indemnitees;
- establish monetary caps for the clause;
- create time limits; and
- define the point at which the responsibility of indemnification starts.
SLAs establish customer expectations regarding the service provider's performance and quality in several ways. Some metrics that SLAs may specify include:
- Availability and uptime percentage -- The amount of time services are running and accessible to the customer. Uptime is generally tracked and reported per calendar month or billing cycle.
- Specific performance benchmarks -- Actual performance will be periodically compared to these benchmarks.
- Service provider response time -- The time it takes the service provider to respond to a customer's issue or request. A larger service provider may operate a service desk to respond to customer inquiries.
- Resolution time -- The time it takes for an issue to be resolved once logged by the service provider.
Other metrics include the schedule for notification in advance of network changes that may affect users and general service usage statistics.
An SLA may specify availability, performance and other parameters for different types of customer infrastructure, such as internal networks, servers and infrastructure components like uninterruptable power supplies.
Considerations for SLA metrics
When choosing which performance metrics to include in the SLA, a company should consider the following factors.
The measurements should motivate the right behavior. When defining the metrics, both parties should remember that the metrics' goal is to motivate the appropriate behavior on behalf of the service provider and the customer.
The metrics should only reflect factors that are within the service provider's reasonable control. The measurements should also be easy to collect. Furthermore, both parties should resist choosing excessive amounts of metrics or measurements that produce large amounts of data. However, including too few metrics can also be a problem, as missing one could make it look like the contract has been breached.
For the established metrics to be useful, a proper baseline must be established with the measurements set to reasonable and attainable performance levels. This baseline will likely be redefined throughout the parties' involvement in the agreement, using the processes specified in the periodic review and change section of the SLA.
An earn back is a provision that may be included in the SLA that allows providers to regain service-level credits if they perform at or above the standard service level for a certain amount of time. Earn backs are a response to the standardization and popularity of service-level credits.
Service-level credits, or, simply, service credits, should be the sole and exclusive remedy available to customers to compensate for service-level failures. A service credit deducts an amount of money from the total amount to be paid under the contract if the service provider fails to meet service delivery and performance standards.
If both parties agree to include earn backs in the SLA, then the process should be defined carefully at the beginning of the negotiation and integrated into the service-level methodology.
Penalties: Repercussions for breaking terms
In addition to establishing performance metrics, an SLA may include a plan for addressing downtime and documentation for how the service provider will compensate customers in the event of a contract breach. Service credits are a typical remedy. For example, service providers might provide credits commensurate with the amount of time they exceeded the SLA's performance guarantee. A service provider may cap performance penalties at a maximum dollar amount to limit exposure.
The SLA will also include a section detailing exclusions, that is, situations in which an SLA's guarantees -- and penalties for failing to meet them -- don't apply. The list might include events such as natural disasters or terrorist acts. This section is sometimes referred to as a force majeure clause, which aims to excuse the service provider from events beyond its reasonable control.
There are three basic types of SLAs: customer, internal and vendor service-level agreements.
A customer service-level agreement is between the provider and an external customer. An internal SLA is between the provider and their internal customer -- this could be another organization, department or site. Finally, a vendor SLA is between the provider and the vendor.
Beyond these three types are three other classifications: customer-based, service-based and multi-level SLAs.
In a customer-based SLA, the customer and service provider come to a negotiated agreement on the services that will be provided. For example, a company may negotiate with the IT service provider that manages its billing system to define their specific relationship and expectations in detail.
In a service-based SLA, all customers working with the service provider receive similar terms. For example, a cable TV provider will indicate the services it offers to all its clients as well as the additional services, or channels, that are available as part of the package.
A multi-level SLA will divide the agreement into various levels that are specific to a series of customers using the service. For example, a software-as-a-service provider might offer basic services and support to all customers using a product, but they could also offer different price ranges when buying the product that dictates different service levels. These different levels of service will be layered into the multi-level SLA.
One specific example of an SLA is a data center service-level agreement. This SLA will include:
- An uptime guarantee that indicates the percentage of time the system is available. Nothing less than a 99.99% uptime should be considered acceptable for modern, enterprise-level data centers.
- A definition of proper environmental conditions. This should include oversight and maintenance practices as well as heating and cooling standards.
- The promise of technical support. Customers must be confident that data center staff will respond quickly and effectively to any problem, and they will be available at any time to address it.
- Detailed security precautions that will keep the customer's assets secure. This could include cybersecurity measures that protect against cyberattacks as well as physical security measures that restrict data center access to authorized personnel. Physical security features could include two-factor authentication, gated entries, cameras and biometric authentication.
Another specific example of an SLA is an internet service provider service-level agreement. This SLA will include an uptime guarantee, but it will also define packet delivery expectations and latency. Packet delivery refers to the percentage of data packets that are received compared to the total number of data packets sent. Latency is the amount of time it takes a packet to travel between clients and servers.
Do you actively monitor your WAN service-level agreement?